Charles Leaver – Never Allow Operational Issues To Become Problems For Security

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver

Return to Fundamentals With Hygiene And Avoid Serious Problems

As a child you were taught that brushing and flossing properly avoids the need for costly crowns and root canals. Basic hygiene is far easier and far cheaper than neglect and disease. The same lesson applies to enterprise IT: we can run a sound operation with proper endpoint and network hygiene, or we can deal with mounting security problems and devastating data breaches as lax hygiene exacts its heavy toll.

Operational and Security Issues Overlap

Endpoint Detection and Response (EDR) tools like those we have built here at Ziften provide analytic insight into system operation across the enterprise endpoint population. They also provide endpoint-derived insight into network activity that considerably extends what wire visibility alone can show, and that reaches into cloud and virtual environments. These insights benefit both operations and security teams in substantial ways, given the significant overlap between operational and security concerns:

You can’t secure what you don’t manage.
You can’t manage what you don’t measure.
You can’t measure what you don’t track.

Managing, measuring, and tracking are as much part of the security role as of the operational role; do not try to split the baby. Management means adherence to policy, that adherence must be measured, and operational measurements form a time series that must be tracked. A few sporadic measurements of a critical, dynamic time series have no interpretive context.

Tight security does not compensate for lax management, nor does tight management compensate for lax security. [Read that again for emphasis.] Imbalances in mission execution here produce unsustainable inefficiencies and scaling problems that inevitably lead to major security breaches and operational shortfalls.

For instance, asset management and device restore, as well as backup and data restore, are usually operational team responsibilities, but they become major security problems when ransomware sweeps the enterprise, bricking every device (not just the typical endpoints, but any network-connected device: printers, badge readers, security cameras, network routers, medical imaging devices, industrial control systems, and so on). What would your enterprise’s response time be to reflash and rebuild every device image from scratch and restore its data? Or is your contingency plan to promptly fill the attackers’ Bitcoin wallets and hope they have not exfiltrated your data for further extortion and monetization? And why would you offload your data restoration duty to a criminal syndicate, blindly trusting that they will restore your data perfectly? It makes absolutely no sense. Operational control responsibility rests with the enterprise, not with the adversaries, and may not be shirked: carry out your duty!

For another example, standard image construction using best-practice configuration hardening is plainly a joint responsibility of operations and security staff. Unlike ineffective signature-based endpoint protection platforms (EPP), which every large enterprise breach victim has long had in place, configuration hardening works, so bake it in and refresh it continually. Also consider the needs of business staff whose job function requires opening unsolicited email attachments, such as resumes, invoices, legal notices, or other required documents. This should be done in an isolated virtual sandbox environment, not on your production endpoints. Security staff will make these decisions, but operations staff will be imaging the endpoints and supporting the workers. These are shared duties.

Concentrate Limited Security Resources on the Jobs Only They Can Carry out

Many large enterprises struggle to fully staff their security roles. Left unaddressed, deficiencies in operational effectiveness will burn out security staff so rapidly that security functions will always be understaffed. There won’t be enough fingers on your security team to plug the multiplying holes in the security dike that lax or negligent endpoint, network, or database management produces. And it will be easier to staff operational roles than to staff security roles with talented experts.

Transfer routine, formulaic activities to operations staff. Concentrate limited security resources on the jobs only they can carry out: